Ask Your Question

what's role for service user on keystone?

asked 2017-07-05 03:22:22 -0600

Hi, I have a question about keystone. In keystone tutorial, if other services(glance, nova..) was added into keystone, keystone add service user having same service name. Then, assigned admin role in service project. What's role for this service user?

I think that admin or demo user need to know service endpoint, but don't need service user. Thx!

edit retag flag offensive close merge delete


did you read the help text from: keystone-manage bootstrap --help ? The keystone user and its role are passed as parameters to this command.

mlschuler gravatar imagemlschuler ( 2017-07-06 09:43:46 -0600 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2017-07-06 23:07:27 -0600

The various parts of an OpenStack cloud (Nova, Glance, ...) communicate with each other via API. To use each other's APIs, they need to authenticate with keystone. For authentication, they need an identity - user, password, project, domain. By convention, the domain is Default, the project is service, the user is the name of the OpenStack component.

They need the admin role to do things a normal user can't, in particular accessing other users' resources.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2017-07-05 03:22:22 -0600

Seen: 48 times

Last updated: Jul 06 '17